﻿using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
using System.ServiceModel;
using Microsoft.IdentityModel.Tokens.Saml11;
using Veracruz.IdentityModel;

namespace Veracruz.Facebook.IdentityModel
{
    public sealed class AtcAsFacebookSecurityTokenServiceConfiguration : FacebookSecurityTokenServiceConfiguration
    {
        public AtcAsFacebookSecurityTokenServiceConfiguration():base()
        {
            // Setup the token requirement for the tokens in the RST/ActAs element
            SamlSecurityTokenRequirement actAsTokenRequirement = new SamlSecurityTokenRequirement();
            actAsTokenRequirement.IssuerTokenAuthenticators.Clear();
            actAsTokenRequirement.IssuerTokenAuthenticators.Add(new X509SecurityTokenAuthenticator(new ActAsSigningCertificateValidator(Veracruz.Configuration.VeracruzSection.Instance.ApplicationSecurity.SigningCertifcateName)));
            actAsTokenRequirement.AudienceUriMode = AudienceUriMode.Never;

            // The TokenElementHandlers property is null by default
            this.TokenElementHandlers = new SecurityTokenHandlerCollection();
            // Remove the default token handlers from the collection
            this.TokenElementHandlers.Clear();
            // We only accept SAML 1.1 tokens for ActAs in this sample
            this.TokenElementHandlers.Add(new Saml11TokenHandler(actAsTokenRequirement));
        }
    }
}
